SEARCH RESULTS
 
Showing 1-10 of 1000 records
 
Misconceptions about outsourcing security

2007-12-13 14:05:54 by Khalid Kark in Security & Risk Management
 
...security. Here are the most common ones that I come across Outsourcing security is cheaper than doing it internally. Cost is usually the one of the reasons business gets interested to outsource but Forrester has consistently found that for security managers cost is not the primary reason they want to outsource. and outsourcing may not always...
 
 
 
 
 
Automating web application security testing

2007-07-16 11:40:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...Security Team Cross-site scripting (aka XSS) is the term used to describe a class of security vulnerabilities in web applications. An attacker can inject malicious scripts to perform unauthorized actions in the context of the victim's web session. Any web application that serves documents that include data from untrusted sources could be...
 
 
 
 
 
Federal Information Security and Management Act -- Five Years On

2007-12-18 02:00:00 by Shannon Kellogg in Speaking of Security, the RSA Blog and Podcast
 
...security: the Federal Information Security and Management Act (FISMA) just completed its fifth year on the books as a federal law As the follow up to the Government Information Security Act of 2000, FISMA established an updated legal framework for federal information security, including baseline security standards for federal agencies. I...
 
 
 
 
 
Security is Everybody's Job

2007-09-18 00:00:00 by Jamie Barnett in Speaking of Security, the RSA Blog and Podcast
 
...security market was not long for this world. Some in the audience must have thought he was Looney Tunes, making a claim like that at a longtime venue dedicated to all things security. In my role driving integrated solutions of RSA technology and EMC products, I speak with security, IT, and storage professionals regularly to understand their...
 
 
 
 
 
Speaking of Security Podcast #67

2007-06-25 00:00:00 by Podcast Producers in Speaking of Security, the RSA Blog and Podcast
 
...Security Engineer with Accuvant and prolific security blogger: An Information Security Place and for Computerworld . He talks about how performing a security assessment is like a trip to the dentist, about how educational organizations deal with security, and what he thinks are the hot issues in security for the second half of 2007. Please...
 
 
 
 
 
Ask the Auditor: Who is Responsible for Information Security?

2007-12-29 06:24:50 by Editor in Security Links
 
...security By Dan Swanson A Reader Asks: Who is responsible for information security The Auditor Responds: In short, the board of directors, management (of both staff and business lines), and internal audit functions all have significant roles in auditing information security. The big question for many companies is how these stakeholders should...
 
 
 
 
 
Review of My 2007 Security Predictions: Too Wimpy

2007-12-23 15:46:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...Security Predictions for 2007 ... Go! ) fared. I am shocked that many of my colleagues looooove to predict, but seem to shy away from reviewing them in the end of the year ( big ego - small 'you know whats So, one liner summary of status of my 2007 predictions : they were too wimpy. In more detail PI. Platforms: Vista will have no impact on...
 
 
 
 
 
Blue Box #73: SIP security issues at IETF 70, Skype security, vulnerabilities in Cisco and Nokia phones, Vietnam's cyberdissidents, VoIP security news

2007-12-31 18:08:58 in Blue Box: The VoIP Security Podcast
 
...security issues at IETF 70, Skype security, vulnerabilities in Cisco and Nokia phones, Vietnam's cyberdissidents, VoIP security news, listener comments and more Welcome to Blue Box: The VoIP Security Podcast #73, a 44-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions Download the show here (MP3,...
 
 
 
 
 
"The Silver Bullet Security Podcast" - another security podcast to check out

2007-12-11 10:26:49 in Blue Box: The VoIP Security Podcast

...Security & Privacy site which pointed me to an interesting new security podcast called " The Silver Bullet Security Podcast with Gary McGraw". It is apparently a joint project of security firm Cigital and the IEEE Security & Privacy Magazine . The regular show page is at www.cigital.com/silverbullet/ and includes a place there for comments...